Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Complete session regeneration + last manual reauthenticated time feature #10

Open
rishabhpoddar opened this issue Sep 11, 2020 · 0 comments
Open

Complete session regeneration + last manual reauthenticated time feature #10

rishabhpoddar opened this issue Sep 11, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@rishabhpoddar
Copy link
Member

rishabhpoddar commented Sep 11, 2020
edited
Loading

  • Change blacklisting to also check for the actual access token from the database, cause when we regenerate a session, the session is not removed fully, but only the token is changed (make sure to send try refresh token in the case that session exists, but tokens don't match as opposed to unauthorised). We do not need to change the refresh token because that has token theft detection anyway.

  • We must update lmrt only when the session is being regenerated for the purpose of auth? Otherwise, if we simply update the lmrt each time the JWT payload changes (like in the case of fauna), that may pose inaccurate results.
@rishabhpoddar rishabhpoddar added feature-request enhancement New feature or request and removed feature-request labels Sep 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rishabhpoddar